fkie_nvd - fkie_cve-2013-4429

fkie_cve-2013-4429

Vulnerability from fkie_nvd

Published

2014-05-19 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block.

References

▼	URL	Tags
	secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/10/08/3
	secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/10/15/1
	secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/10/16/7
	secalert@redhat.com	https://bugs.launchpad.net/mahara/+bug/1211758
	secalert@redhat.com	https://mahara.org/interaction/forum/topic.php?id=5753
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/10/08/3
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/10/15/1
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/10/16/7
	af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/mahara/+bug/1211758
	af854a3a-2127-422b-91ae-364da2661108	https://mahara.org/interaction/forum/topic.php?id=5753

Impacted products

Vendor	Product	Version
mahara	mahara	*
mahara	mahara	1.5
mahara	mahara	1.5
mahara	mahara	1.5.0
mahara	mahara	1.5.1
mahara	mahara	1.5.2
mahara	mahara	1.5.3
mahara	mahara	1.5.4
mahara	mahara	1.5.6
mahara	mahara	1.5.7
mahara	mahara	1.5.8
mahara	mahara	1.5.9
mahara	mahara	1.5.10
mahara	mahara	1.7.
mahara	mahara	1.7.0
mahara	mahara	1.7.1
mahara	mahara	1.7.2
mahara	mahara	1.6.0
mahara	mahara	1.6.1
mahara	mahara	1.6.2
mahara	mahara	1.6.3
mahara	mahara	1.6.4
mahara	mahara	1.6.5
mahara	mahara	1.6.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC43859-166D-403F-BC6C-4B7FDD02807C",
              "versionEndIncluding": "1.5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7BDA1A-B58F-4B0C-ABE2-84090230E1C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AF4A4C-0DB7-442D-ABEE-04B8282D04BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C4D82B-1BAE-48BD-8CBC-BCB74FD39A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61F960D-CCBF-46B6-A443-BF80C2D355C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3CBBAE0-99A7-4EA3-A3E9-11CBFE1771DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD24E374-E205-4500-A168-44849BF2357C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14A5DCF0-AD5C-4474-9268-1B235835CD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCF015B5-EA5A-4B6E-9F9D-B78DEC5F7657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7EA146-CFF3-40A1-A543-2897C94F3D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA8FD5B-DD85-4934-ACF7-259CCF72DE47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "248745EB-DC27-407F-8CB9-421578A07741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C56CD7F4-B89A-413A-9330-1218FDDEE03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB74EBE4-99F2-40D9-88DC-50E118397D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F621A6A7-D400-4A48-B2B8-8A815F670277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D19D9FBF-8FE1-4DC9-801E-D8982D8EF3AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "481EBE78-72A3-43A3-96C5-5F5571BEB71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "455BA995-8464-4816-A03C-E9AA7DA07548",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block."
    },
    {
      "lang": "es",
      "value": "Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 no restringe debidamente acceso a artefactos, lo que permite a usuarios remotos autenticados leer artefactos arbitrarios a trav\u00e9s del (1) id del artefacto en una acci\u00f3n de subida cuando crea un diario o (2) par\u00e1metro instconf_artefactid_selected[ID] en una acci\u00f3n de subida cuando edita un bloque."
    }
  ],
  "id": "CVE-2013-4429",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-19T14:55:08.360",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/mahara/+bug/1211758"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1211758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-4429 (GCVE-0-2013-4429)

Vulnerability from cvelistv5

Published

2014-05-19 14:00

Modified

2024-08-06 16:45